cesium wrote:Perhaps, but I am no expert (or dev - the OSS devs are at the oss-devel mailing list). Right now, I'm curious to find out whether it's a sync issue or an overflow issue (very likely the first, but I want to make sure).

Do you mean "buffer overflow"?

In computer security and programming, a buffer overflow, or buffer overrun, is an anomaly where a program, while writing data to a buffer, overruns the buffer's boundary and overwrites adjacent memory. Buffer overflows can be triggered by inputs that are designed to execute code, or alter the way the program operates. This may result in erratic program behavior, including memory access errors, incorrect results, a crash, or a breach of system security. They are thus the basis of many software vulnerabilities and can be maliciously exploited.
http://en.wikipedia.org/wiki/Buffer_overflow

Perhaps. I don't quite know. In any event, IIRC there's a separation between kernel address space and userland address space under Linux/modern OSs (the former ought to be neither writable nor readable from userland. Kernel modules have copy_to_user()/copy_from_user() funcs and other methods for passing stuff around). A program would have to somehow modify the kernel area and I don't see how it could inject stuff into these spots (without already having root etc.), so all we get is a crash. I'm no expert, mind you...

[edit: in any event, the thread is about helping o01eg, and this is tangential. o01eg: my last post on the matter is here]
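For anyone following the "buffer overrun" definition quoted above, here is an added illustration in C (it is not code from this thread, from OSS, or from the kernel). It models an 8-byte input buffer with a 4-byte flag sitting directly after it in one flat byte array, so the overrun stays inside well-defined C while still showing the effect: an unchecked copy of a 12-byte input spills into the flag, while a length-checked copy (the kind of check a copy_from_user() caller is expected to do against its destination size) rejects the input and leaves the flag untouched. The region layout, the BUF_SIZE value and the sample input are all assumptions made for the demo; this is userspace code, not a kernel module.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simulated memory layout (an assumption for the demo): an 8-byte buffer
 * followed immediately by a 4-byte flag, as it might sit in a struct or a
 * stack frame.  Keeping both in one array makes the overrun well-defined. */
#define BUF_SIZE 8
enum { BUF_OFF = 0, FLAG_OFF = BUF_SIZE, MEM_SIZE = BUF_SIZE + 4 };

struct region {
    unsigned char mem[MEM_SIZE];
};

static void region_init(struct region *r)
{
    memset(r->mem, 0, MEM_SIZE);
}

/* Read the flag that lives right after the buffer. */
static uint32_t region_flag(const struct region *r)
{
    uint32_t v;
    memcpy(&v, r->mem + FLAG_OFF, sizeof v);
    return v;
}

/* The overrun case: the caller-supplied length is trusted, so anything
 * beyond BUF_SIZE bytes lands on whatever follows the buffer. */
static void copy_unchecked(struct region *r, const void *src, size_t len)
{
    memcpy(r->mem + BUF_OFF, src, len);   /* no bound check */
}

/* The fixed case: refuse input that does not fit the destination. */
static int copy_checked(struct region *r, const void *src, size_t len)
{
    if (len > BUF_SIZE)
        return -EINVAL;
    memcpy(r->mem + BUF_OFF, src, len);
    return 0;
}

/* Constructed untrusted input: 8 filler bytes plus 4 bytes of 0xFF, i.e.
 * exactly BUF_SIZE + 4 so the overrun covers the flag and nothing else. */
static void make_input(unsigned char *input)
{
    memset(input, 'A', BUF_SIZE);
    memset(input + BUF_SIZE, 0xFF, 4);
}

/* Flag value after the unchecked copy: the 0xFF bytes overwrite it. */
static uint32_t demo_overrun_flag(void)
{
    struct region r;
    unsigned char input[MEM_SIZE];
    region_init(&r);
    make_input(input);
    copy_unchecked(&r, input, sizeof input);
    return region_flag(&r);               /* 0xFFFFFFFF */
}

/* Return code of the checked copy for the same input: rejected. */
static int demo_checked_rc(void)
{
    struct region r;
    unsigned char input[MEM_SIZE];
    region_init(&r);
    make_input(input);
    return copy_checked(&r, input, sizeof input);   /* -EINVAL */
}

/* Flag value after the checked copy: untouched. */
static uint32_t demo_checked_flag(void)
{
    struct region r;
    unsigned char input[MEM_SIZE];
    region_init(&r);
    make_input(input);
    (void)copy_checked(&r, input, sizeof input);
    return region_flag(&r);               /* 0 */
}

int main(void)
{
    printf("unchecked copy: flag = 0x%08x\n", (unsigned)demo_overrun_flag());
    printf("checked copy:   rc = %d, flag = 0x%08x\n",
           demo_checked_rc(), (unsigned)demo_checked_flag());
    return 0;
}
```

In real code nothing limits the overrun to the next field: a longer input keeps writing past the flag into whatever follows, which is why the bounded version checks the length before copying rather than after.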

We already saw a trace. And the program in question probably doesn't even use Pulse (play is from sox, and has several backends). Even if Pulse were involved, kernel modules shouldn't cause a panic due to input, so OSS is at fault here regardless. [Edit: using Pulse might sidestep the crash though, as it has its own mixing]

cesium wrote:We already saw a trace. And the program in question probably doesn't even use Pulse (play is from sox, and has several backends). Even if Pulse were involved, kernel modules shouldn't cause a panic due to input, so OSS is at fault here regardless.

EDIT: I certainly want to believe that the removal of PulseAudio may solve the problem, but, first of all, I want to know the truth. In any case, the unwillingness to discuss the security issue makes it sound even more scary.

Clever attack exploits fully-patched Linux kernel...The exploit works only when a security extension known as SELinux, or Security-Enhanced Linux, is enabled. Conversely, it also works when audio software known as PulseAudio is installed.
http://www.theregister.co.uk/2009/07/17 ... l_exploit/